<html lang="en-US">

<head>
    
<title>Setting up elasticsearch+kibana+filebeat - 花落雨忧</title>

<meta property="og:title" content="Setting up elasticsearch+kibana+filebeat - 花落雨忧">



    



    
    <meta property="description" content="Analysis: I used Kibana at my previous company and have a basic grasp of its query syntax and usage; research showed that setting up Kibana also requires Elasticsearch and Filebeat [&hellip;] Set up with docker-compose [docker-compose installation omitted here] [&hellip;] docker-compose.yml [Note: elasticsearch, kibana and filebeat &hellip;">
    <meta property="og:description" content="Analysis: I used Kibana at my previous company and have a basic grasp of its query syntax and usage; research showed that setting up Kibana also requires Elasticsearch and Filebeat [&hellip;] Set up with docker-compose [docker-compose installation omitted here] [&hellip;] docker-compose.yml [Note: elasticsearch, kibana and filebeat &hellip;">
    






<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width,initial-scale=1">

<link rel="shortcut icon" href="https://www.lican.asia/logo/logo.png" type="image/x-icon" />



<link rel="stylesheet" href="/css/style.min.css" />

<link rel="stylesheet" href="/css/reset.min.css" />




<script src="https://www.lican.asia/js/highlight.min.js"></script>

<script>
hljs.configure({ ignoreUnescapedHTML: true })
hljs.highlightAll();
</script>


<script src="https://www.lican.asia/js/jquery.min.js"></script>




<link href="https://www.lican.asia/css/hugo-code.min.css" rel="stylesheet" />



    <style>
        .post-content img {
            max-width: 400px;
        }
    </style>
</head>

<body id="period" class="home blog">
    <a class="skip-content" href="#main">Press "Enter" to skip to content</a>
    <div id="overflow-container" class="overflow-container">
        <header class="site-header" id="site-header" role="banner">
    <div class="max-width">
        <div id="title-container" class="title-container">
            <div id="site-title" class="site-title"><a href="/">花落雨忧</a></div>
            <p class="tagline">Think as far as you can, act as far as you are able; only that is real.</p>
        </div>
        
        <div id="menu-primary-container" class="menu-primary-container">
            <div class="icon-container">
            </div>
            <div id="menu-primary" class="menu-container menu-primary" role="navigation">
                <nav class="menu">
                    <ul id="menu-primary-items" class="menu-primary-items">
                        
                        
                        <li id="menu-item-0"
                            class="menu-item menu-item-type-custom menu-item-object-custom ">
                            <a href="/posts" aria-current="page" tabindex="0">Home</a></li>
                        
                        <li id="menu-item-1"
                            class="menu-item menu-item-type-custom menu-item-object-custom ">
                            <a href="/tech/" aria-current="page" tabindex="1">Tech Docs</a></li>
                        
                        <li id="menu-item-2"
                            class="menu-item menu-item-type-custom menu-item-object-custom ">
                            <a href="/article/" aria-current="page" tabindex="2">Articles</a></li>
                        
                        <li id="menu-item-3"
                            class="menu-item menu-item-type-custom menu-item-object-custom ">
                            <a href="/project/" aria-current="page" tabindex="3">Projects</a></li>
                        
                        <li id="menu-item-4"
                            class="menu-item menu-item-type-custom menu-item-object-custom ">
                            <a href="/about/" aria-current="page" tabindex="4">About</a></li>
                        
                    </ul>
                </nav>
            </div>
        </div>
    </div>
</header>

        <div id="primary-container" class="primary-container">
            <div class="max-width">
                <section id="main" class="main" role="main">
                    <div id="loop-container" class="loop-container">
                        <div
                            class="post type-post status-publish format-standard hentry entry">
                            <article>
                                <div class="post-container">
                                    <div class="post-header">
                                        <h2 class="post-title">
                                            <a href="/tech/elasticsearch&#43;kibana&#43;filebeat%E6%90%AD%E5%BB%BA/">Setting up elasticsearch+kibana+filebeat</a>
                                        </h2>
                                        
                                    </div>
                                    <div class="post-content">
                                        <h4 id="背景由于c端用户增多我们需要有一款针对用户的日志系统而不是登录容器分析日志从而提高效率快速定位问题">Background: as the number of consumer-side users grows, we need a log system aimed at users, instead of logging into containers to read logs, so that we can work faster and locate problems quickly</h4>
<p>Analysis: I used Kibana at my previous company and have a basic grasp of its query syntax and usage. Research showed that setting up Kibana also requires installing Elasticsearch and Filebeat:</p>
<ul>
<li>elasticsearch: a distributed real-time search and analytics engine, used for full-text, structured and analytical search, able to handle large data volumes</li>
<li>kibana: a web-based UI that lets users view, analyse and visualise the data stored in elasticsearch</li>
<li>filebeat: a lightweight log shipper that forwards and centralises log data</li>
</ul>
<h5 id="step1-安装">Step 1: Installation</h5>
<blockquote>
<p>Set up with docker-compose [installing docker-compose itself is omitted here]</p>
</blockquote>
<p>docker-compose.yml [Note: elasticsearch, kibana and filebeat should all use the same version]</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml">version: '3.7'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.3  # use the version you need
    container_name: elasticsearch-lican
    environment:
      - node.name=elasticsearch
      - discovery.type=single-node  # single-node mode, suitable for test and development environments
      - "xpack.security.enabled=false"  # X-Pack security can be disabled if you do not need it
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"  # JVM heap size
    ports:
      - "9200:9200"  # map Elasticsearch's HTTP port to port 9200 on the host
      - "9300:9300"  # map Elasticsearch's TCP transport port (used for communication between cluster nodes)
    volumes:
      - data:/usr/share/elasticsearch/data  # keep the data in a volume named data so it survives when the container stops

  kibana:
    image: docker.elastic.co/kibana/kibana:7.17.3
    container_name: kibana
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - I18N_LOCALE=zh-CN  # Chinese UI
    ports:
      - "5601:5601"
    depends_on:
      - elasticsearch

  filebeat:
    image: docker.elastic.co/beats/filebeat:7.17.3
    container_name: filebeat
    user: "root"  # root may be needed to read the log files
    volumes:
      - ./filebeat.yml:/usr/share/filebeat/filebeat.yml:ro  # config file
      - /var/log:/var/log:ro  # assumes your log files are under /var/log
      - /data/docker/containers:/docker/  # mapped directory
    depends_on:
      - elasticsearch

volumes:
  data:
    driver: local
</code></pre></div><p>Once the compose file is in place, start the stack:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash">docker-compose up -d   # -d: start in the background
docker-compose ps      # check the running status
</code></pre></div><p>When you see the following screen, the installation and startup succeeded.</p>
<p><img src="https://www.lican.asia/images/elasticsearch/1.png" alt="1721874295334"></p>
<p>Open a browser and visit server-ip:port to check that the services are running [configure the server's security group to allow the ports]. Because this compose file sets xpack.security.enabled=false, the Elasticsearch and Kibana ports accept requests without any authentication, so open them only to trusted source addresses.</p>
<p>Visit http://localhost:9200; if the following screen appears, elasticsearch is running.</p>
<p><img src="https://www.lican.asia/images/elasticsearch/2.png" alt="1721874424161"></p>
<p>Visit http://localhost:5601; if the following screen appears, kibana is running.</p>
<p><img src="https://www.lican.asia/images/elasticsearch/4.png" alt="1721874484318"></p>
<h5 id="step2-filebeat采集日志">Step 2: Collecting logs with filebeat</h5>
<blockquote>
<p>Write the filebeat.yml configuration file</p>
</blockquote>
<p>In docker-compose.yml the filebeat mount maps the configuration file in the current directory onto the configuration file path inside the image:</p>
<ul>
<li>./filebeat.yml:/usr/share/filebeat/filebeat.yml:ro # config file</li>
</ul>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml">filebeat.inputs:

- type: log
  enabled: true
  paths:
    - /var/log/*.log  # read every .log file under /var/log
  fields:
    log_source: filebeat_container
  tags: ["system_log"]

- type: log
  enabled: true
  paths:
    - /docker/6a53835ee69299075330327bd4bb712b69cf7f55a382a6647ba631d40d335321/*.log  # system log
  fields:
    log_type: system
  tags: ["brewing-bigdata"]

setup.template.name: "filebeat-%{[agent.version]}"
setup.template.pattern: "filebeat-%{[agent.version]}-*"
# setup.template.json.sha1: ""  # optional, if you know the SHA1 hash of the template file

output.elasticsearch:
  hosts: ["http://120.79.80.2:9200"]
  indices:
    - index: "system_log-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "system_log"
    - index: "brewing_bigdata-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "brewing-bigdata"

setup.kibana:
  host: "kibana:5601"
</code></pre></div><p>The inputs and output sections of the file are where the indices are defined and tied to the log directories being collected; each input carries a tag, and the output's when.contains rules route events with that tag to the matching index. There can be several groups of each. After editing the file, restart the services:</p>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash">docker-compose down; docker-compose up -d
</code></pre></div><p>On the server, run docker logs -f -n 100 filebeat to follow the runtime log; if there are no obvious errors, filebeat is running.</p>
<p><img src="https://www.lican.asia/images/elasticsearch/5.png" alt="1721874556697"></p>
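<p>The compose file above disables X-Pack security and publishes ports 9200 and 9300 on every interface, so anyone who can reach the host can read and write every index without a password. The following is an added example, not the post's own configuration: the same two files with authentication turned on, Elasticsearch bound to loopback, and filebeat pointed at the compose service name instead of the host's public IP. It assumes a .env file next to docker-compose.yml that defines ELASTIC_PASSWORD; both files are shown in one fence, separated by a YAML document marker.</p>

```yaml
# docker-compose.yml (hardened variant, added example). ELASTIC_PASSWORD comes from a
# .env file beside this compose file, e.g.  ELASTIC_PASSWORD=<long random value>
version: '3.7'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.3
    container_name: elasticsearch-lican
    environment:
      - node.name=elasticsearch
      - discovery.type=single-node
      - xpack.security.enabled=true           # every REST request must authenticate
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}  # bootstrap password for the built-in "elastic" user
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ports:
      - "127.0.0.1:9200:9200"   # loopback only: reach it through an SSH tunnel, not the public IP
                                # 9300 is not published; a single node has no cluster peers
    volumes:
      - data:/usr/share/elasticsearch/data

  kibana:
    image: docker.elastic.co/kibana/kibana:7.17.3
    container_name: kibana
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - ELASTICSEARCH_USERNAME=elastic                # for real use, set a kibana_system password with
      - ELASTICSEARCH_PASSWORD=${ELASTIC_PASSWORD}    # elasticsearch-setup-passwords and use that account
      - I18N_LOCALE=zh-CN
    ports:
      - "5601:5601"             # Kibana now presents its own login page
    depends_on:
      - elasticsearch

  filebeat:
    image: docker.elastic.co/beats/filebeat:7.17.3
    container_name: filebeat
    user: "root"
    environment:
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}  # filebeat.yml expands ${ELASTIC_PASSWORD} from its own environment
    volumes:
      - ./filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
      - /var/log:/var/log:ro
      - /data/docker/containers:/docker/:ro   # read-only is enough for shipping logs
    depends_on:
      - elasticsearch

volumes:
  data:
    driver: local
---
# filebeat.yml: only the output and setup.kibana sections change; the inputs stay as in the post.
output.elasticsearch:
  hosts: ["http://elasticsearch:9200"]   # compose service name on the internal network,
                                          # so traffic never leaves the docker bridge
  username: "elastic"
  password: "${ELASTIC_PASSWORD}"
  indices:
    - index: "system_log-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "system_log"
    - index: "brewing_bigdata-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "brewing-bigdata"

setup.kibana:
  host: "kibana:5601"
  username: "elastic"
  password: "${ELASTIC_PASSWORD}"
```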
<h5 id="step3-关联elasticsearch和filebeat索引">Step 3: Associating the elasticsearch and filebeat indices</h5>
<blockquote>
<p>Because the filebeat index configured above is dynamic (a new index per day), once logs have been collected you need to associate it in Kibana by creating an index pattern over the elasticsearch indices.</p>
</blockquote>
<p>Visit http://localhost:5601</p>
<p><img src="https://www.lican.asia/images/elasticsearch/6.png" alt="1721875044228"></p>
<p><img src="https://www.lican.asia/images/elasticsearch/7.png" alt="1721875068193"></p>
<p><img src="https://www.lican.asia/images/elasticsearch/8.png" alt="1721875093407"></p>
<p><img src="https://www.lican.asia/images/elasticsearch/9.png" alt="1721875240450"></p>
<p>Once the index pattern is created, you can switch indices in the index selector and view the logs that filebeat collected from the corresponding log directories.</p>
<p><img src="https://www.lican.asia/images/elasticsearch/10.png" alt="1721875321266"></p>
<p>From here on I can search the logs with KQL syntax.</p>
<p><img src="https://www.lican.asia/images/elasticsearch/11.png" alt="1721875405540"></p>


                                        
                                    </div>

                                    

                                    

                                    
                                    
                                    

                                </div>
                            </article>
                        </div>
                    </div>
                </section>
            </div>
        </div>

        <footer id="site-footer" class="site-footer" role="contentinfo">
    <div class="max-width">
    </div>
    <div class="footer">
        <div id="footercontent">
            © lican.asia All rights reserved<br/>
            Built with Hugo Theme <a href="https://github.com/idoubi/hugo-theme-period" target="_blank">Period</a>
        </div>
    </div>
</footer>

    
    
    </div>
    
</body>

</html>